Attorney's Docket No. 1003670-000104 
Application No. 10/620,817 

Page 2 

AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

LISTING OF CLAIMS: 

1. (Original) A method of providing a Certificate Status Service ("CSS") 
for checking validities of authentication certificates issued by respective issuing 
Certification Authorities ("CAs"), comprising the steps of: 

identifying information needed for retrieving a status of an authentication 
certificate from an issuing CA that issued the authentication certificate; 

configuring a connector based on the identified information for communicating 
with the issuing CA; 

communicating with the issuing CA according to the configured connector 
when the status of the authentication certificate is queried; and 

retrieving the status of the authentication certificate; 

wherein the issuing CA and the connector are designated on a list of 
approved CAs in a configuration store. 

2. (Currently Amended) The method of claim 1 , wherein a local date and 
time are checked for whether they fall within a validity period indicated in the 
authentication certificate and an invalid status is reported if the local date and time 
fall outside the validity period . 
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3. (Original) The method of claim 1 , wherein the issuing CA is included in 
the list of approved CAs by vetting and approving the issuing CA according to 
predetermined business rules, and if the issuing CA is vetted and not approved, the 
issuing CA is designated on a list of not-approved CAs in the configuration store. 

4. (Original) The method of claim 3, wherein vetting and approving the 
issuing CA includes registering a representation of a trusted authentication certificate 
with the CSS and adding at least the representation, status and a time-to-live data 
element to a local cache memory, and a connector is configured for retrieving the 
added status when the status of the trusted authentication certificate is queried. 

5. (Currently Amended) The method of claim 2, further comprising the 
steps of checking a local cache memory for the status, and if the status is found in 
the local cache memory and the local date and time are within the validity period, 
retrieving the status from the local cache memory, wherein if the status is not found 
in the local cache memory or if th o l oca l dat o and tim o are not w i thin the va li dity 
p e r i od , the CSS establishes a communication session with a certificate status 
reporting component of the issuing CA, composes a certificate status request 
according to the configured connector, retrieves the status from the certificate status 
reporting component, closes the communication session with certificate status 
reporting component, and adds at least the authentication certificated identification, 
status, and time-to-live to the local cache memory. 
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6. (Original) The method of claim 1 , wherein the certificate status is 
indicated by a Certificate Revocation List (CRL), according to a publication schedule 
of the issuing CA, the CSS retrieves the CRL from a certificate status reporting 
component listed in the configuration store, the CSS clears a cache memory 
associated with the issuing CA, and the CSS determines the status of the 
authentication certificate from the CRL and stores the status in the cache memory 
associated with the issuing CA. 

7. (Original) The method of claim 1 , wherein the certificate status is 
indicated by a Delta Certificate Revocation List ("ACRL"); upon notification by the 
issuing CA that a ACRL is available, the CSS retrieves the ACRL from a certificate 
status reporting component listed in the configuration store; if the ACRL is a 
complete CRL, then the CSS clears a cache memory associated with the issuing CA, 
determines the status from the CRL, and stores the status in the cache memory; and 
if the ACRL contains only changes occurring after publication of a full CRL, the CSS 
determines the status from the ACRL, and stores the status in the cache memory. 

8. (Original) The method of claim 1, wherein the communicating step 
includes communicating according to a sequence of connectors. 

9. (Original) The method of claim 1 , wherein a connector embeds more 
than one certificate status check in a single communicating step. 
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10. (Original) The method of claim 1 , wherein the authentication certificate 
is not used for identification. 

1 1 . (Currently Amended) A method of retrieving a status of an 
authentication certificate issued by an issuing Certification Authority ("CA") in 
response to a query from a Trusted Custod i a l Ut il ity CTCm trusted third-party 
repository of information objects to a Certificate Status Service ("CSS") to validate 
the authentication certificate's status, comprising the steps of: 

locating and reporting the status if the status is present and current in a cache 
memory of the CSS; 

otherwise performing the steps of: 

obtaining a status type and retrieval method from a CSS configuration store; 

if the status type is Certificate Revocation List ("CRL") and the last retrieved 
CRL is current, but the status is not found in the cache memory, then reporting the 
status as valid; 

if the status type is not CRL, then composing a certificate status request 
according to the status type; 

establishing a communication session with the issuing CA; 

retrieving the status from a status reporting component of the issuing CA 
using the obtained retrieval method and ending the communication session; 

interpreting the retrieved status; 

associating, with the interpreted retrieved status, a time-to-live value 
representing a period specified by a CSS policy for the status type; 
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adding at least the authentication certificate's identification, status, and time- 
to-live values to the cache memory; and 

reporting the status to the TG U trusted third-party repository of information 
objects in response to the query. 

12. (Original) The method of claim 1 1 , wherein the CSS uses a certificate 
status protocol in the communication session. 

1 3. (Original) The method of claim 1 1 , wherein more than one status is 
retrieved using the obtained retrieval method. 

14. (Original) The method of claim 1 1 , wherein the authentication 
certificate is not used for identification. 

15. (Original) A Certificate Status Service ("CSS") for providing accurate 
and timely status indications of authentication certificates issued by issuing 
Certification Authorities ("CAs"), comprising: 

providing a status of an authentication certificate as indicated by a Certificate 
Revocation List ("CRL") when the certificate's issuing CA uses CRLs for indicating 
status; 

otherwise, providing the status indicated by a cache memory when the cache 
memory includes a status and a time-to-live data element is not exceeded; 

if the time-to-live data element is exceeded, clearing the status from the cache 
memory; 
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requesting and retrieving the status using a real-time certificate status 
reporting protocol when the status is not in the cache memory; 

adding at least the certificate's identification, status, and time-to-live data 
element to the cache memory; and 

providing the retrieved status. 

16. (Original) The CSS of claim 15, wherein a status use-counter data 
element is added to the cache memory; the status use-counter data element is 
incremented or decremented every time the certificated status is checked; and if the 
status use-counter data element passes a threshold, then the status is provided and 
the cache memory is cleared with respect to the status. 

17. (Original) The CSS of claim 16, wherein a status last-accessed data 
element is added to the cache memory, and the status last-accessed data element in 
conjunction with the status use-counter data element enable determination of an 
activity level of the certificate's status. 

18. (Currently Amended) The CSS of claim 17, wherein when a request is 
made to the CSS to retrieve a status of a new certificate and the cache memory has 
reached an allocated buffer size limit, the CSS searches the cache memory for a 
tasted least -accessed data element indicating an oldest date and clears the 
respective cache memory entry; and the CSS then retrieves the requested status, 
places it in the cache memory, and provides the requested status. 
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19. (Currently Amended) A method of executing a transaction between a 
first party and a second party by transferring control of an authenticated information 
object having a verifiable evidence trail, comprising the steps of: 

retrieving an authenticated information object from a trusted repository, 
wherein the authenticated information object includes a first digital signature block 
comprising a digital signature of a submitting party and a first authentication 
certificate relating at least an identity and a cryptographic key to the submitting party, 
a date and time indicator, and a second digital signature block comprising a second 
digital signature of the trusted repository and a second authentication certificate 
relating at least an identity and a cryptographic key to the trusted repository; the first 
digital signature block was validated by the trusted repository; and the authenticated 
information object is stored as an electronic original information object under the 
control of the trusted repository; 

executing the retrieved authenticated information object by the second party 
by including in the retrieved authenticated information object a third digital signature 
block comprising at least a third digital signature and a third authentication certificate 
of the second party; and 

forwarding the executed retrieved authenticated information object to a trusted 
custodia l utility ("TCU") third-partv repository of information objects , wherein the TGU 
trusted third-party repository of information objects verifies digital signatures and 
validates authentication certificates associated with the digital signatures included in 
information objects by at least retrieving status of the authentication certificates from 
a Certificate Status Service ("CSS") provided according to claim 1 ; the TG U trusted 
third-partv repository of information objects rejects a digital signature block if the 
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respective digital signature is not verified or the status of the respective 
authentication certificate is expired or is revoked; and if at least one signature block 
in the information object is not rejected, the TGU trusted third-partv repository of 
information objects appends the TGU trusted third-partv repository 's digital signature 
block and a date and time indicator to the information object and takes control of the 
object on behalf of the first party. 

20. (Original) The method of claim 19, wherein a signature block includes 
at least one hash of at least a portion of the information object in which the signature 
block is included, the at least one hash is encrypted by the cryptographic key of the 
block's respective signer, thereby forming the signer's digital signature, and the 
signer's digital signature is included in the signature block with the signer's 
authentication certificate. 

21 . (Original) The method of claim 20, wherein the executing step includes 
displaying a local date and time to the second party, affirming, by the second party, 
that the displayed local date and time are correct, and correcting the local date and 
time if either is incorrect. 

22. (Currently Amended) The method of claim 19, wherein if the TGU 
trusted third-partv repository of information objects rejects a digital signature block, 
the TGU trusted third-partv repository of information objects requests a remedy that 
requires the digital signature to be recomputed and the signature block to be 
reforwarded. 
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23. (Currently Amended) The method of claim 19, wherein the TGU 
trusted third-party repository of information objects checks the local date and time for 
accuracy and that they are within a validity period indicated by the second party's 
authentication certificate. 

24. (Currently Amended) The method of claim 23, wherein if the local date 
and time are not within the validity period indicated by the second party's 
authentication certificate, the TGU trusted third-party repository of information 
objects notifies the second party that the authentication certificate is rejected and the 
first party that the transaction is incomplete. 

25. (Original) The method of claim 19, wherein one or more digitized 
handwritten signatures are included in the information object, and placement of the 
digitized handwritten signatures in a data structure is specified by at least one 
signature tag. 

26. (Original) The method of claim 19, wherein placement of one or more 
signature blocks in a data structure is specified by at least one signature tag. 

27. (Currently Amended) The method of claim 26, wherein one or more 
signature blocks are separately forwarded to the TG U trusted third-partv repository of 
information objects with respective signature tags, and the TGU trusted third-partv 
repository of information objects validates the signature blocks by: 
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rejecting a signature block if either the respective digital signature is not 
verified or the respective authentication certificate is not validated, and 

placing the signature block according to the respective signature tag if the 
signature block is not rejected, 

wherein, to signature blocks sent separately, the TGU trusted third-party 
repository of information objects adds a date and time indication to each signature 
block and appends according to business rules the TG U trusted third-party 
repository 's signature block in a wrapper that encompasses the information object 
and placed signature blocks. 

28. (Currently Amended) The method of claim 27, wherein the TGU 
trusted third-party repository of information objects verifies a digital signature and 
validates an authentication certificate in a signature block by: 

determining from the business rules whether a party associated with the 
authentication certificate has authority, 

verifying the party's digital signature, 

checking that the authentication certificate's validity period overlaps the TGU 
trusted third-party repository 's current date and time, 

checking that the local date and time falls within an allowable deviation from 
the TCU trusted third-party repository 's current date and time, and 

retrieving status of the authentication certificate from the CSS, and 

if any of the preceding steps results in an invalid or false output, the digital 
signature is deemed invalid, the transaction is not executed, otherwise the digital 
signature is deemed valid and the transaction is executed. 
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29. (Currently Amended) The method of claim 19, wherein the CSS 
provides authentication certificate status to the TGU trusted third-party repository of 
information objects by at least the steps of checking a local cache memory for the 
status, and if the status is found in the local cache memory and the local date and 
time are within the validity period, and retrieving the status from the local cache 
memory; if the status is not found in the local cache memory or if the local date and 
time are not within the validity period, the CSS establishes a communication session 
with a certificate status reporting component of the issuing CA, composes a 
certificate status request accord i ng to th e conf i gur e d conn e ctor , retrieves the status 
from the certificate status reporting component, closes the communication session 
with certificate status reporting component, and adds at least the authentication 
certificated identification, status, and a time-to-live data element to the local cache 
memory. 

30. (Currently Amended) The method of claim 19, wherein the first party is 
a fj rs t TG U trusted third-party repository of information objects and the transaction is 
for transferring custody of one or more electronic originals to the first TGU trusted 
third-party repository of information objects from a second TGU trusted third-party 
repository of information objects , an owner of the transaction provides the second 
TGU trusted third-partv repository of information objects with a manifest that 
identifies electronic originals to be transferred to the first TG U trusted third-partv 
repository of information objects , the second TGU trusted third-partv repository of 
information objects establishes communication with the first TGU trusted third-partv 
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repository of information objects and identifies the purpose of its actions, the 
manifest is communicated to the first TG U trusted third-party repository of 
information objects so that it is able to determine when the transfer of custody has 
been completed, the second TGU trusted third-party repository of information objects 
transfers each identified electronic original to the first TG U trusted third-party 
repository of information objects , the first TGU trusted third-party repository of 
information objects retrieves status of the second TGU trusted third-party repository 's 
certificate and verifies the second TGU trusted third-party repository 's digital 
signature on each transferred electronic original, if any of the second TGU trusted 
third-party repository 's digital signatures or certificates are invalid, then the first TGU 
trusted third-party repository of information objects notifies the second TGU trusted 
third-party repository of information objects and seeks a remedy, if the second TGU 
trusted third-party repository of information objects does not provide a remedy, the 
first TG U trusted third-party repository of information objects notifies the transaction 
owner that the requested transfer of custody has failed, otherwise the second TGU 
trusted third-party repository of information objects creates a new wrapper for each 
successfully transferred information object, adding a date-time stamp and the first 
TGU trusted third-party repository 's signature block. 

31 . (Currently Amended) The method of claim 30, wherein the transaction 
is a transfer of ownership in response to an instruction, transfer of ownership 
documentation is placed in either the first TGU trusted third-party repository of 
information objects or the second TG U trusted third-party repository of information 
objects , the TGU trusted third-party repository of information objects having the 
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transfer of ownership documentation validates authenticity of the transfer of 
ownership documentation by verifying all digital signatures, certificate validity 
periods, and using the CSS to check certificate status of all authentication 
certificates included in the transfer of ownership documentation, appends a date and 
time indication, and digitally signs, wraps and stores the transfer of ownership 
documentation, which are added to the manifest. 

32. (Original) The method of claim 19, wherein certificate status is 
indicated to the CSS by a Certificate Revocation List ("CRL"), according to a 
publication schedule of the issuing CA, the CSS retrieves the CRL from a certificate 
status reporting component listed in the configuration store, the CSS clears a cache 
memory associated with the issuing CA, and the CSS determines the status of the 
authentication certificate from the CRL and stores the status in the cache memory 
associated with the issuing CA. 

33. (Original) The method of claim 19, wherein certificate status is 
indicated to the CSS by a Delta Certificate Revocation List ("ACRL"); upon 
notification by the issuing CA that a ACRL is available, the CSS retrieves the ACRL 
from a certificate status reporting component listed in the configuration store; if the 
ACRL is a complete CRL, then the CSS clears a cache memory associated with the 
issuing CA, determines the status from the CRL, and stores the status in the cache 
memory; and if the ACRL contains only changes occurring after publication of a full 
CRL, the CSS determines the status from the ACRL, and stores the status in the 
cache memory. 



